
Thread: Can't fix the Somoto.BetterInstaller with Spybot!

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Can't fix the Somoto.BetterInstaller with Spybot!

    Okay so I did a scan with Spybot because my informatics teacher told us to try that at home. I had a lot of problems to fix, and they all got fixed except Somoto.BetterInstaller. It says "some problem couldn't be fixed; the reason could be that associated files are still in use (memory). This could be fixed after a restart. (...)" but after the restart it said the same so... I don't know what to do anymore... The 2 things under Somoto.BetterInstaller are (SBI $B8A7F4F7) root class HKEY_LOCAL_MACHINE_\SOFTWARE\Classes\sdp and the second one is the same except that at the end it's \sdp (64 bit). And I don't know if it's related to the virus or something but I have weird shortcuts on my desktop that appeared there when I just opened it (they look pale and have almost the same names as some of my files for my homework except there's an ~ instead of the first letter, and then there are 2 files named desktop.ini, pale too, and 3 files named ~Wrl0373.tmp ~wrl2642.tmp ~wrl3180.tmp). They look suspicious :( :( :(

    So, I've posted my problem in the wrong forum and they referred me here ^^ so I have the log.
    I have Spybot, Avast! antivirus, HitmanPro 3.7

    THANK YOU!!!!





    FRST.txt :

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Jessica (administrator) on JESSICA-HP on 08-02-2015 13:31:30
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
    (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496 2014-04-17] (Druide informatique inc.)
    HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1371680 2014-04-17] (Druide informatique inc.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 1999-12-31] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-09-02] (Broadcom Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
    HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
    HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> {AF94605B-2A56-445D-AE0A-F49AB3139389} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=091513&q={searchTerms}&src=IE-SearchBox
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchUrl: https://ca.search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jessica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\yahoo-avast.xml
    FF Extension: Module d'Antidote - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\Extensions\antidote7_win_firefox_103@druide.com [2014-06-13]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-05]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.ca/?gfe_rd=cr&ei=...DION8QeZp4HoDw
    CHR StartupUrls: Default -> "https://www.google.ca/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
    CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
    CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
    CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-17] (Electronic Arts)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
    S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
    R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
    S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 13:31 - 2015-02-08 13:32 - 00030738 _____ () C:\Users\Jessica\Desktop\FRST.txt
    2015-02-08 13:29 - 2015-02-08 13:31 - 00000000 ____D () C:\FRST
    2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
    2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
    2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
    2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
    2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-02-01 21:16 - 2015-02-06 19:32 - 05163090 _____ () C:\Users\Jessica\Desktop\affiche cpac2.pptx
    2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
    2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
    2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
    2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
    2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
    2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
    2015-01-11 13:16 - 2015-01-11 13:16 - 00000328 _____ () C:\Users\Jessica\Desktop\HP Printer Diagnostic Tools.url

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 13:32 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-08 13:31 - 2012-01-14 11:31 - 01071901 _____ () C:\Windows\WindowsUpdate.log
    2015-02-08 13:23 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
    2015-02-08 13:22 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-08 13:21 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-08 13:20 - 2014-09-02 15:15 - 00022223 _____ () C:\Windows\SysWOW64\Gms.log
    2015-02-08 13:20 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-08 13:20 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-08 13:20 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-08 13:20 - 2012-09-17 15:18 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 13:20 - 2012-09-17 15:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 21:09 - 2014-01-22 19:16 - 00000000 ____D () C:\Users\Jessica\Desktop\autre
    2015-02-06 21:08 - 2015-01-04 11:32 - 00000000 ____D () C:\Users\Jessica\Desktop\Hiver 2015
    2015-02-06 21:07 - 2012-11-27 22:28 - 00000000 ____D () C:\Users\Jessica\Desktop\photos
    2015-02-06 21:07 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
    2015-02-06 21:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 21:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 20:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
    2015-02-06 20:52 - 2010-11-20 23:47 - 00870788 _____ () C:\Windows\PFRO.log
    2015-02-06 20:52 - 2009-07-14 00:51 - 00100969 _____ () C:\Windows\setupact.log
    2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
    2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
    2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
    2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
    2015-01-26 23:50 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-01-25 18:50 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-25 18:50 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
    2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
    2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
    2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
    2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
    2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
    2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
    2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
    2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
    C:\Users\Jessica\random.dat


    Some content of TEMP:
    ====================
    C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
    C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
    C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 00:21

    ==================== End Of Log ============================

    Addition.txt :

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by Jessica at 2015-02-08 13:33:00
    Running from C:\Users\Jessica\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
    Antidote 8 (HKLM-x32\...\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}) (Version: 8.04.1237 - Druide informatique inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Assistant de téléchargement (HKLM-x32\...\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}) (Version: 6.65.13 - Druide informatique inc.)
    AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.148 - Broadcom Corporation)
    Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
    Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.148 - Broadcom Corporation)
    Brother MFL-Pro Suite MFC-295CN (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
    Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - )
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Coffee Tycoon (HKLM-x32\...\Coffee Tycoon) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Creatures Albian Years (HKLM-x32\...\GOGPACKCREATURESALBIANYEARS_is1) (Version: 2.0.0.15 - GOG.com)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Digital Copy - Despicable Me 2 (HKLM-x32\...\Digital Copy - Despicable Me 2) (Version: - )
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foldit (HKLM-x32\...\Foldit) (Version: - )
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP SimplePass PE 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6466.0 - IDT)
    Influent - Language Learning Game version 4.0 (HKLM-x32\...\{B7437202-B014-4FF9-8C2C-3351873850EA}_is1) (Version: 4.0 - Three Flip Studios)
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KeyFreeze (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\266e56dfe0bcee5a) (Version: 1.0.0.1 - KeyFreeze)
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
    Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Minecraft1.4.7 (HKLM-x32\...\Minecraft1.4.7) (Version: - )
    Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
    Parker Brothers Classic Card Games (HKLM-x32\...\ClassicCard) (Version: - )
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PhoneClean 3.1.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.1.0 - iMobie Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version: - Firaxis Games)
    Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games)
    Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games)
    Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis Games)
    Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version: - Firaxis Games)
    Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version: - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games)
    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{539CD9D5-487D-4C5A-A7BE-FA0C787C4D61}) (Version: 2.2.3.0 - Husdawg, LLC)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
    The Sims(tm) Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
    The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Trade Empires (remove only) (HKLM-x32\...\Trade Empires) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Utilitaires Sierra (HKLM-x32\...\Utilitaires Sierra) (Version: - )
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Zoo Tycoon 2 - Zookeeper Collection (HKLM-x32\...\InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}) (Version: 1.00.0000 - Microsoft Game Studios)
    Zoo Tycoon 2 - Zookeeper Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{5563940C-ABF0-47B4-BB0E-B5D8680B570A}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{5563940D-49FD-4F1A-96AA-147B474290EE}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe (Druide informatique inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37C}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2557544163-3699447316-167012314-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    13-01-2015 13:27:08 Windows Update
    15-01-2015 21:15:59 Windows Modules Installer
    16-01-2015 08:47:47 Windows Update
    20-01-2015 11:04:03 Windows Update
    28-01-2015 09:09:42 Windows Update
    03-02-2015 15:04:06 Windows Update
    06-02-2015 18:50:38 OTL Restore Point - 06/02/2015 6:50:32 PM

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0AE8BD4F-B333-431C-B30F-84DEFAB00705} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
    Task: {1B6A4A05-6555-4DB2-9920-EE08C7C889EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
    Task: {1BBA5FDC-3AA7-435A-8F54-38FEAAB8A0B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {1BC0FC16-EE23-486C-BFEC-558130761A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
    Task: {21203EDA-3CAD-4376-8138-7B15D5635D89} - System32\Tasks\{94672513-310A-4752-B1EF-9D085521CBDE} => pcalua.exe -a "C:\Users\Jessica\Desktop\Coffee Tycoon By ripgamingzone.blogspot.com.exe" -d C:\Users\Jessica\Desktop
    Task: {2B2DFD4C-E92D-40A1-80D5-11F693C317B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {35A0919D-4673-4B5A-B988-638517C5B04C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {4FAB5426-7C74-4C3E-8F57-CD80B25131C1} - System32\Tasks\HPCeeScheduleForJessica => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {55546AFE-D86B-4EEE-97DE-FAB89355BE68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
    Task: {564A7D01-8E8E-4221-B48F-D8CAB0088727} - System32\Tasks\{9DB6F380-C757-4C6E-A46F-3B88881CB136} => pcalua.exe -a "C:\Program Files\Microsoft Games\Age of Empires II\age2upa.exe" -d "C:\Program Files\Microsoft Games\Age of Empires II"
    Task: {5690E9EA-06FD-4371-B71F-834A73264531} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
    Task: {586220CC-14EA-4A2E-B859-A9637AA740AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {59356721-57C4-4526-8F63-BFAEFD23E63E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {5E7548A6-FE9F-49C4-981E-EFB21FDE514B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {6146C269-5251-458B-A168-F1C49E28FDDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {69FD4A86-9200-439A-831D-225F33D7428A} - System32\Tasks\{8DA1DDE9-C13E-44F8-8E09-1ABC80F963BD} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {77D8277C-B573-4B15-B14B-161A1F216CC9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
    Task: {77E21822-4971-48E2-89C6-A060FCA994FE} - System32\Tasks\{AA012DD7-EE07-4682-A5B7-B59D4BB76B7C} => pcalua.exe -a C:\Users\Jessica\Desktop\Age-of-Empires-II.exe -d C:\Users\Jessica\Desktop
    Task: {790D69B7-3063-4EB0-A0FC-06936BE0280D} - System32\Tasks\{D5BEC335-1F00-41E1-A6E1-BDCE190F8071} => pcalua.exe -a C:\ProgramData\sAvEnsoharree,\LbA6W7x0oP.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
    Task: {88966706-731C-4D07-AD2A-EEC73833FF04} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {8DE597E0-605F-4DA0-ACAC-873532091078} - System32\Tasks\{C821A77E-31DB-4387-960A-D95C237DBD6B} => pcalua.exe -a "C:\Program Files\Microsoft Games\Age of Empires II\SETUPREG.EXE" -d "C:\Program Files\Microsoft Games\Age of Empires II"
    Task: {93F181FC-5E12-43AA-B30F-8EF690E46858} - System32\Tasks\{5D2186AD-918F-4BC5-9DDC-4F1B3A9C44B4} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
    Task: {9BBF6F38-A844-40E7-809C-C92AEE69357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {B0C0F223-50C6-4A65-86C1-546B85AF5690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B2EE0C39-ACD8-4F22-8F02-398D9774B29E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {CAB241E8-4C60-4473-A0C5-5511742CFA37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {CF1B371C-5BBD-4606-86A1-5FE4805BEA38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F0343CF8-D106-428F-9131-FED303B49B61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
    Task: {F0A26ECF-9632-4CDF-B199-5F3D8264AA4F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {F55A58FC-6854-47F5-A7B6-CCE0CD933E75} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job => C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJessica.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-09-01 14:03 - 2009-10-16 15:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2014-09-01 09:27 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-11-23 20:49 - 2014-09-23 09:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-06-27 19:18 - 2011-06-27 19:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    2014-04-04 16:46 - 2014-04-04 16:46 - 00106824 _____ () C:\Program Files (x86)\Druide\Antidote 8\Programmes64\libwebsocketsDruide_8.dll
    2011-08-09 11:44 - 2011-08-09 11:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-08-04 13:31 - 2014-08-04 13:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-06 08:45 - 2015-02-06 08:45 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2015-02-08 13:21 - 2015-02-08 13:21 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020800\algo.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-04 16:46 - 2014-04-04 16:46 - 00091976 _____ () C:\Program Files (x86)\Druide\Antidote 8\Programmes32\libwebsocketsDruide_8.dll
    2014-08-04 13:31 - 2014-08-04 13:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-11-23 20:48 - 2014-09-23 07:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2015-02-06 08:49 - 2015-02-04 05:02 - 01117512 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-06 08:49 - 2015-02-04 05:02 - 00211272 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-06 08:49 - 2015-02-04 05:02 - 09170760 _____ () C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2557544163-3699447316-167012314-500 - Administrator - Disabled)
    Guest (S-1-5-21-2557544163-3699447316-167012314-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2557544163-3699447316-167012314-1008 - Limited - Enabled)
    Jessica (S-1-5-21-2557544163-3699447316-167012314-1000 - Administrator - Enabled) => C:\Users\Jessica

    ==================== Faulty Device Manager Devices =============

    Name: avast! Network Shield Support
    Description: avast! Network Shield Support
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswTdi
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/06/2015 09:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1a14

    Start Time: 01d0427124815639

    Termination Time: 42

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

    Report Id: 111aaf04-ae66-11e4-99e6-60d819dfe9ec

    Error: (02/06/2015 08:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2015 07:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 6a8

    Start Time: 01d0425ea9bdf028

    Termination Time: 15

    Application Path: C:\Users\Jessica\Desktop\OTL.exe

    Report Id:

    Error: (02/06/2015 05:40:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50968303

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50968303

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50967289

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50967289

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (02/08/2015 01:20:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/08/2015 01:20:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/08/2015 01:20:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:20 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/07/2015 03:28:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (02/06/2015 09:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SpybotSD.exe1.6.2.461a1401d042712481563942C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe111aaf04-ae66-11e4-99e6-60d819dfe9ec

    Error: (02/06/2015 08:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2015 07:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: OTL.exe3.2.69.06a801d0425ea9bdf02815C:\Users\Jessica\Desktop\OTL.exe

    Error: (02/06/2015 05:40:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50968303

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50968303

    Error: (02/06/2015 08:43:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50967289

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50967289

    Error: (02/06/2015 08:43:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-01 17:56:44.165
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 17:56:43.633
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-09-20 22:39:54.791
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-09-20 22:39:54.776
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-09-20 22:39:53.606
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-09-20 22:39:53.590
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 49%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 3088.17 MB
    Total Pagefile: 12181.9 MB
    Available Pagefile: 9016.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:672.59 GB) (Free:432.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (TRADE_EMPIRES) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E40B86E)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=672.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End Of Log ============================

    aswMBR.txt :

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-02-08 13:35:00
    -----------------------------
    13:35:00.323 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:35:00.323 Number of processors: 4 586 0x2A07
    13:35:00.323 ComputerName: JESSICA-HP UserName: Jessica
    13:35:02.850 Initialize success
    13:35:02.866 VM: initialized successfully
    13:35:02.881 VM: Intel CPU supported virtualizedSuspended
    13:35:04.476 VM: disk I/O iaStorA.sys
    13:35:07.743 AVAST engine defs: 15020800
    13:35:13.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
    13:35:13.511 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 11
    13:35:13.678 Disk 0 MBR read successfully
    13:35:13.685 Disk 0 MBR scan
    13:35:13.694 Disk 0 Windows 7 default MBR code
    13:35:13.775 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    13:35:13.784 Disk 0 default boot code
    13:35:13.799 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 688732 MB offset 409600
    13:35:13.833 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    13:35:13.972 Disk 0 scanning C:\Windows\system32\drivers
    13:35:29.208 Service scanning
    13:36:07.685 Modules scanning
    13:36:07.687 Disk 0 trace - called modules:
    13:36:07.701 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    13:36:07.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ad9060]
    13:36:07.703 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8008949a70]
    13:36:07.704 5 iaStorF.sys[fffff88001deaf84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa80062675f0]
    13:36:10.529 AVAST engine scan C:\Windows
    13:36:14.029 AVAST engine scan C:\Windows\system32
    13:40:09.217 AVAST engine scan C:\Windows\system32\drivers
    13:40:28.896 AVAST engine scan C:\Users\Jessica
    14:03:41.453 File: C:\Users\Jessica\Downloads\trzB778.tmp **INFECTED** Win32:Agent-AUVV [Trj]
    14:08:34.001 AVAST engine scan C:\ProgramData
    14:13:24.576 Disk 0 statistics 5376529/0/0 @ 1.41 MB/s
    14:13:24.595 Scan finished successfully
    14:15:05.405 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
    14:15:05.421 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.txt"

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Jess37,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    Please post the Spybot log.

    =========================

    P2P - (Peer to Peer)

    I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now.

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • uTorrent
    If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    C:\Users\Jessica\Downloads\trzB778.tmp
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
    C:\Users\Jessica\random.dat
    C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
    C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
    C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll
    EmptyTemp:
    CMD: ipconfig /flushdns
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    Please download AdwCleaner by Xplode and save to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of all log files is saved in the C:\AdwCleaner folder, which was created when running the tool.

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • Spybot log
    • checkup.txt
    • Fixlog.txt
    • AdwCleaner[R0].txt
    • new FRST.txt
    • What symptoms are you experiencing?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Hi OCD! Thank you!

    First, my laptop used to be used by my whole family so I didn't even know it was installed, thank you! It's uninstalled now.

    Second, I tried to do all the steps in order, but my computer had to restart twice so I had to re-do my Security Check scan because I couldn't find the file after the restart.

    Third, after the AdwCleaner, the file that opened was [S0] instead of [R0] but I'm gonna give you the [R0] that is in the C:\adwcleaner.

    Fourth, I don't really have symptoms... I just scanned my computer with Spybot after my teacher told the class to do so and I cleaned a few things, but then the somoto thingy didn't want to clean. It was saying something about needing to restart because the file was still in use or in the memory :/ but after a restart it still couldn't be cleaned. So I did a bit of research on the net and it looked like it was hard to clean, and then I found another person on that forum with that problem, so since every computer is different I did my post. The only weird thing that kinda scared me was that after I opened my computer, I had a few files with weird names and they weren't there before. They look pale just like hidden files. I took a print screen and I'm gonna put it as an attachment if you want to check it. There's nothing more than that. Oh, when I restarted my laptop after the Security Check, all my shortcuts on the desktop were mixed and were everywhere on my desktop. I guess it's normal but just in case I'm telling you. Ok, so all the following logs are in order of the list you gave me at the end of your last post. And again, thank you very much.

    Spybot log (Checks.150206-2102.txt) :


    --- Report generated: 2015-02-06 21:02 ---


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2015-02-02 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2014-11-28 Includes\Adware-000.sbi (*)
    2014-12-05 Includes\Adware-001.sbi (*)
    2015-01-27 Includes\Adware-C.sbi (*)
    2014-01-13 Includes\Adware.sbi (*)
    2014-01-13 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2014-11-14 Includes\Dialer-000.sbi (*)
    2014-11-14 Includes\Dialer-001.sbi (*)
    2014-01-08 Includes\Dialer-C.sbi (*)
    2014-01-13 Includes\Dialer.sbi (*)
    2014-01-13 Includes\DialerC.sbi (*)
    2014-01-09 Includes\Fraud-000.sbi (*)
    2014-11-03 Includes\Fraud-001.sbi (*)
    2014-03-31 Includes\Fraud-002.sbi (*)
    2014-01-09 Includes\Fraud-003.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2014-11-14 Includes\Hijackers-000.sbi (*)
    2014-11-14 Includes\Hijackers-001.sbi (*)
    2014-01-08 Includes\Hijackers-C.sbi (*)
    2014-01-13 Includes\Hijackers.sbi (*)
    2014-01-13 Includes\HijackersC.sbi (*)
    2014-01-08 Includes\iPhone-000.sbi (*)
    2014-01-08 Includes\iPhone.sbi (*)
    2014-11-14 Includes\Keyloggers-000.sbi (*)
    2014-09-24 Includes\Keyloggers-C.sbi (*)
    2014-01-13 Includes\Keyloggers.sbi (*)
    2014-01-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2014-11-14 Includes\Malware-000.sbi (*)
    2014-11-14 Includes\Malware-001.sbi (*)
    2014-11-14 Includes\Malware-002.sbi (*)
    2014-11-14 Includes\Malware-003.sbi (*)
    2014-11-14 Includes\Malware-004.sbi (*)
    2014-11-14 Includes\Malware-005.sbi (*)
    2014-07-09 Includes\Malware-006.sbi (*)
    2014-01-09 Includes\Malware-007.sbi (*)
    2015-01-27 Includes\Malware-C.sbi (*)
    2014-01-13 Includes\Malware.sbi (*)
    2014-01-13 Includes\MalwareC.sbi (*)
    2014-11-14 Includes\PUPS-000.sbi (*)
    2014-01-15 Includes\PUPS-001.sbi (*)
    2014-01-15 Includes\PUPS-002.sbi (*)
    2015-01-27 Includes\PUPS-C.sbi (*)
    2014-01-13 Includes\PUPS.sbi (*)
    2014-01-13 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2014-01-08 Includes\Security-000.sbi (*)
    2014-01-08 Includes\Security-C.sbi (*)
    2014-01-08 Includes\Security.sbi (*)
    2014-01-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2014-12-04 Includes\Spyware-000.sbi (*)
    2014-12-09 Includes\Spyware-001.sbi (*)
    2015-01-14 Includes\Spyware-C.sbi (*)
    2014-01-13 Includes\Spyware.sbi (*)
    2014-01-08 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2014-01-15 Includes\Trojans-000.sbi (*)
    2014-02-26 Includes\Trojans-001.sbi (*)
    2014-11-14 Includes\Trojans-002.sbi (*)
    2014-01-28 Includes\Trojans-003.sbi (*)
    2014-01-15 Includes\Trojans-004.sbi (*)
    2014-10-02 Includes\Trojans-005.sbi (*)
    2014-09-02 Includes\Trojans-006.sbi (*)
    2014-01-15 Includes\Trojans-007.sbi (*)
    2014-07-09 Includes\Trojans-008.sbi (*)
    2014-11-03 Includes\Trojans-009.sbi (*)
    2015-01-21 Includes\Trojans-C.sbi (*)
    2014-04-25 Includes\Trojans-OG-000.sbi (*)
    2014-01-15 Includes\Trojans-TD-000.sbi (*)
    2014-01-15 Includes\Trojans-VM-000.sbi (*)
    2014-01-15 Includes\Trojans-VM-001.sbi (*)
    2014-01-15 Includes\Trojans-VM-002.sbi (*)
    2014-01-15 Includes\Trojans-VM-003.sbi (*)
    2014-01-15 Includes\Trojans-VM-004.sbi (*)
    2014-01-15 Includes\Trojans-VM-005.sbi (*)
    2014-01-15 Includes\Trojans-VM-006.sbi (*)
    2014-01-15 Includes\Trojans-VM-007.sbi (*)
    2014-01-15 Includes\Trojans-VM-008.sbi (*)
    2014-01-15 Includes\Trojans-VM-009.sbi (*)
    2014-01-15 Includes\Trojans-VM-010.sbi (*)
    2014-01-15 Includes\Trojans-VM-011.sbi (*)
    2014-01-15 Includes\Trojans-VM-012.sbi (*)
    2014-01-15 Includes\Trojans-VM-013.sbi (*)
    2014-01-15 Includes\Trojans-VM-014.sbi (*)
    2014-01-15 Includes\Trojans-VM-015.sbi (*)
    2014-01-15 Includes\Trojans-VM-016.sbi (*)
    2014-01-15 Includes\Trojans-VM-017.sbi (*)
    2014-01-15 Includes\Trojans-VM-018.sbi (*)
    2014-01-15 Includes\Trojans-VM-019.sbi (*)
    2014-01-15 Includes\Trojans-VM-020.sbi (*)
    2014-01-15 Includes\Trojans-VM-021.sbi (*)
    2014-01-15 Includes\Trojans-VM-022.sbi (*)
    2014-01-15 Includes\Trojans-VM-023.sbi (*)
    2014-01-15 Includes\Trojans-VM-024.sbi (*)
    2014-10-06 Includes\Trojans-ZB-000.sbi (*)
    2014-10-27 Includes\Trojans-ZL-000.sbi (*)
    2014-01-09 Includes\Trojans.sbi (*)
    2014-01-09 Includes\TrojansC-02.sbi (*)
    2014-01-09 Includes\TrojansC-03.sbi (*)
    2014-01-16 Includes\TrojansC-04.sbi (*)
    2014-01-09 Includes\TrojansC-05.sbi (*)
    2014-01-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    checkup.txt :

    Results of screen317's Security Check version 0.99.96
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox 32.0.3 Firefox out of Date!
    Google Chrome 34.0.1847.137 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Fixlog.txt :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by Jessica at 2015-02-08 19:31:29 Run:1
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    C:\Users\Jessica\Downloads\trzB778.tmp
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    C:\Users\Jessica\jagex_cl_runescape_LIVE.dat
    C:\Users\Jessica\random.dat
    C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe
    C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll
    C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll
    EmptyTemp:
    CMD: ipconfig /flushdns
    End
    *****************

    Processes closed successfully.
    C:\Users\Jessica\Downloads\trzB778.tmp => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25E212C1-69E6-4924-90D3-CD7783E644F9}" => Key deleted successfully.
    HKCR\CLSID\{25E212C1-69E6-4924-90D3-CD7783E644F9} => Key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
    HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    C:\Users\Jessica\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\Jessica\random.dat => Moved successfully.
    C:\Users\Jessica\AppData\Local\Temp\rootsupd.exe => Moved successfully.
    C:\Users\Jessica\AppData\Local\Temp\Tsu081D9226.dll => Moved successfully.
    C:\Users\Jessica\AppData\Local\Temp\Tsu58C84C53.dll => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 5.3 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:32:18 ====

    AdwCleaner[R0].txt :

    # AdwCleaner v3.311 - Report created 02/10/2014 at 21:12:32
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Jessica - JESSICA-HP
    # Running from : C:\Users\Jessica\Desktop\adwcleaner_3.311.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : Util Caramava
    Service Found : {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64

    ***** [ Files / Folders ] *****

    File Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Found : C:\Users\Jessica\AppData\Roaming\LiveSupport.exe_log.txt
    File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\astromenda.xml
    File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\trovi-search.xml
    File Found : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\user.js
    File Found : C:\Users\Jessica\AppData\Roaming\regsvr32.exe_log.txt
    File Found : C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
    File Found : C:\Windows\System32\roboot64.exe
    Folder Found : C:\Program Files (x86)\Astromenda
    Folder Found : C:\Program Files (x86)\Caramava
    Folder Found : C:\Program Files (x86)\savuEE Net
    Folder Found : C:\ProgramData\374311380
    Folder Found : C:\ProgramData\CheaupMMe
    Folder Found : C:\ProgramData\JoniCouapon
    Folder Found : C:\ProgramData\NetOCOuupono
    Folder Found : C:\ProgramData\savuEE Net
    Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Administrator\AppData\Local\torch
    Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\Guest\AppData\Local\torch
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Found : C:\Users\Jessica\AppData\Local\Astromenda
    Folder Found : C:\Users\Jessica\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Folder Found : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Folder Found : C:\Users\Jessica\AppData\Local\NativeMessaging
    Folder Found : C:\Users\Jessica\AppData\Local\Temp\App Bud
    Folder Found : C:\Users\Jessica\AppData\Local\torch
    Folder Found : C:\Users\Jessica\AppData\Roaming\Astromenda
    Folder Found : C:\Users\Jessica\AppData\Roaming\Systweak
    Folder Found : C:\Users\Jessica\AppData\Roaming\VOPackage
    Folder Found : C:\Users\Jessica\Documents\Optimizer Pro

    ***** [ Scheduled Tasks ] *****

    Task Found : AmiUpdXp
    Task Found : ASP
    Task Found : Astromenda
    Task Found : WSE_Astromenda

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\Astromenda
    Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Found : HKCU\Software\RegisteredApplicationsEx
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\systweak
    Key Found : [x64] HKCU\Software\Astromenda
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\systweak
    Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
    Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Found : HKLM\SOFTWARE\InstallCore
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Found : HKLM\SOFTWARE\systweak
    Key Found : HKLM\SOFTWARE\Trymedia Systems
    Key Found : HKLM\SOFTWARE\VBMZ
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v29.0.1 (en-GB)

    [ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
    Found [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
    Found [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
    Found [Extension] : pfcgjlglddicjopgimohdcbmabacamll

    *************************

    AdwCleaner[R0].txt - [10402 octets] - [02/10/2014 21:12:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10463 octets] ##########

    new FRST.txt :

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Jessica (administrator) on JESSICA-HP on 08-02-2015 19:46:28
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\Install\{FF5553B1-D400-4CC3-A8E8-EF51D3FC0006}\GoogleUpdateSetup.exe
    (Google Inc.) C:\Program Files (x86)\GUM5456.tmp\GoogleUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496 2014-04-17] (Druide informatique inc.)
    HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1371680 2014-04-17] (Druide informatique inc.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 1999-12-31] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-09-02] (Broadcom Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
    HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
    HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> {AF94605B-2A56-445D-AE0A-F49AB3139389} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=091513&q={searchTerms}&src=IE-SearchBox
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2557544163-3699447316-167012314-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchUrl: https://ca.search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jessica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2557544163-3699447316-167012314-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\yahoo-avast.xml
    FF Extension: Module d'Antidote - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\Extensions\antidote7_win_firefox_103@druide.com [2014-06-13]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-05]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.ca/?gfe_rd=cr&ei=...DION8QeZp4HoDw
    CHR StartupUrls: Default -> "https://www.google.ca/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
    CHR Plugin: (Simple Pass 2012) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll No File
    CHR Plugin: (Norton Confidential) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (HP Product Detection Plugin) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-02-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
    CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-20]
    CHR Extension: (Grass) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-02-06]
    CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    StartMenuInternet: Google Chrome.S637RQSX4AEF2GNVA2WS2VIQTE - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-02] (Broadcom Corporation) [File not signed]
    S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
    R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-08] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
    S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 19:46 - 2015-02-08 19:46 - 06103040 _____ () C:\Program Files (x86)\GUT5457.tmp
    2015-02-08 19:46 - 2015-02-08 19:46 - 00000000 ____D () C:\Program Files (x86)\GUM5456.tmp
    2015-02-08 19:38 - 2015-02-08 19:38 - 02112512 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
    2015-02-08 19:38 - 2015-02-08 19:38 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-02-08 19:16 - 2015-02-08 19:16 - 00852594 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
    2015-02-08 19:02 - 2015-02-08 19:02 - 00000000 ____D () C:\Users\Jessica\Desktop\CPAC2
    2015-02-08 14:15 - 2015-02-08 14:15 - 00002357 _____ () C:\Users\Jessica\Desktop\aswMBR.txt
    2015-02-08 14:15 - 2015-02-08 14:15 - 00000512 _____ () C:\Users\Jessica\Desktop\MBR.dat
    2015-02-08 13:34 - 2015-02-08 13:34 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswMBR.exe
    2015-02-08 13:33 - 2015-02-08 13:33 - 00048611 _____ () C:\Users\Jessica\Desktop\Addition.txt
    2015-02-08 13:31 - 2015-02-08 19:46 - 00030734 _____ () C:\Users\Jessica\Desktop\FRST.txt
    2015-02-08 13:29 - 2015-02-08 19:46 - 00000000 ____D () C:\FRST
    2015-02-08 13:29 - 2015-02-08 13:29 - 02132992 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
    2015-02-08 13:26 - 2015-02-08 13:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JESSICA-HP-Windows-7-Home-Premium-(64-bit).dat
    2015-02-08 13:24 - 2015-02-08 13:24 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\RegBackup
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-08 13:24 - 2015-02-08 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-02-08 13:23 - 2015-02-08 13:23 - 04803888 _____ () C:\Users\Jessica\Desktop\tweaking.com_registry_backup_setup.exe
    2015-02-02 16:57 - 2015-02-02 16:57 - 00001258 _____ () C:\Users\Jessica\Desktop\Spybot - Search & Destroy.lnk
    2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 17:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-02 16:56 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-01-21 15:20 - 2015-02-06 08:53 - 00000000 ____D () C:\Users\Jessica\Desktop\INFO1003
    2015-01-18 10:47 - 2015-02-08 13:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJessica.job
    2015-01-18 10:47 - 2015-02-08 13:20 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJessica
    2015-01-15 21:09 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 12:42 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 12:42 - 2014-12-12 01:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 12:42 - 2014-12-12 01:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 12:42 - 2014-12-12 01:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 12:42 - 2014-12-12 01:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 12:42 - 2014-12-12 01:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 12:42 - 2014-12-12 01:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 12:42 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 12:42 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 12:42 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-11 21:31 - 2015-01-11 22:02 - 00000000 ____D () C:\Foldit
    2015-01-11 21:31 - 2015-01-11 21:31 - 00001408 _____ () C:\Users\Public\Desktop\Foldit.lnk
    2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 19:47 - 2012-09-17 15:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-08 19:47 - 2012-09-17 15:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 19:47 - 2012-09-17 15:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-08 19:47 - 2012-09-17 15:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-08 19:46 - 2014-09-02 15:15 - 00006458 _____ () C:\Windows\SysWOW64\Gms.log
    2015-02-08 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-08 19:44 - 2009-07-14 00:51 - 00101137 _____ () C:\Windows\setupact.log
    2015-02-08 19:43 - 2013-11-29 11:04 - 00000000 ____D () C:\AdwCleaner
    2015-02-08 19:43 - 2012-01-14 11:31 - 01099351 _____ () C:\Windows\WindowsUpdate.log
    2015-02-08 19:41 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 19:41 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 19:33 - 2012-09-30 20:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-08 19:33 - 2010-11-20 23:47 - 00871448 _____ () C:\Windows\PFRO.log
    2015-02-08 19:31 - 2012-08-31 21:02 - 00000000 ____D () C:\Users\Jessica
    2015-02-08 19:05 - 2012-11-27 22:31 - 00000000 ___RD () C:\Users\Jessica\Desktop\autres docs
    2015-02-08 19:03 - 2012-09-09 09:55 - 00000000 ____D () C:\Users\Jessica\Desktop\UdeM
    2015-02-08 19:02 - 2012-10-03 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-08 19:02 - 2012-08-31 18:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA.job
    2015-02-08 16:26 - 2014-06-03 20:05 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\uTorrent
    2015-02-08 14:38 - 2012-09-01 18:02 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-02-08 14:17 - 2012-09-30 20:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-08 13:53 - 2013-01-21 12:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-08 13:53 - 2012-09-01 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-08 13:32 - 2012-08-31 18:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core.job
    2015-02-08 13:23 - 2012-08-31 21:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F39F52ED-33BB-48EE-8D13-48634EE5AB17}
    2015-02-08 13:22 - 2013-09-29 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-06 20:52 - 2012-08-31 18:47 - 00000000 ____D () C:\Windows\Corel
    2015-02-06 19:02 - 2012-10-03 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-06 19:02 - 2012-10-03 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-06 19:02 - 2011-10-31 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-06 18:01 - 2015-01-05 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-06 18:01 - 2014-05-20 18:47 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2015-02-06 08:53 - 2009-07-14 01:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-06 08:49 - 2012-08-31 18:22 - 00002376 _____ () C:\Users\Jessica\Desktop\Google Chrome.lnk
    2015-02-06 08:45 - 2012-08-31 10:28 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000UA
    2015-02-05 10:57 - 2012-08-31 18:21 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2557544163-3699447316-167012314-1000Core
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-02-05 10:34 - 2011-10-31 20:12 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-28 16:03 - 2012-08-31 18:20 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Deployment
    2015-01-28 15:53 - 2012-09-03 10:02 - 00075264 ___SH () C:\Users\Jessica\Documents\Thumbs.db
    2015-01-28 09:05 - 2012-09-02 19:04 - 00000000 ____D () C:\Users\Jessica\AppData\Local\CrashDumps
    2015-01-21 16:33 - 2012-09-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-19 09:59 - 2015-01-04 11:10 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\HpUpdate
    2015-01-17 12:55 - 2013-09-18 07:25 - 00000000 ____D () C:\Users\Jessica\Downloads\Druide_Téléchargement
    2015-01-15 21:15 - 2013-08-15 01:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 20:56 - 2012-09-01 09:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-12 10:40 - 2009-07-14 00:45 - 00497848 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-11 21:27 - 2014-02-09 21:21 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Origin
    2015-01-11 21:25 - 2012-08-31 21:32 - 00136880 _____ () C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2012-08-31 19:00 - 2012-08-31 19:00 - 0012358 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JCM.{PB
    2012-08-31 19:00 - 2012-08-31 19:00 - 0061678 _____ () C:\Users\Jessica\AppData\Roaming\PFP100JPR.{PB
    2014-01-28 15:38 - 2014-01-28 15:38 - 0018408 _____ () C:\Users\Jessica\AppData\Roaming\UserTile.png
    2014-08-30 09:59 - 2014-10-02 04:11 - 0000069 _____ () C:\Users\Jessica\AppData\Roaming\WB.CFG
    2014-03-02 18:34 - 2014-03-02 18:34 - 0000218 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
    2015-01-04 11:09 - 2015-01-04 11:09 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some content of TEMP:
    ====================
    C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 00:21

    ==================== End Of Log ============================





    Now the print screen :
    the pale files on my desktop.jpg

    Thanks

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Jess37,

    You're quite welcome.

    The icons on your desktop that begin with "~" are Word documents. Generally, they appear like this when they are still open in Word. Open Word and be sure all the documents are closed.

    If they are still present after you confirm they are closed, the following step may correct the issue. If not, let me know.

    =========================

    Desktop.ini files by default have the System and Hidden attributes set. If you have Show hidden files, folders, and drives turned on, make sure Hide protected operating system files is checked under Windows Explorer's

    Hide protected operating system files

    • To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
    • Click the View tab, and then locate “Show hidden files and folders” in the list.


    • Place a check mark in the box next to "Hide protected operating system files"
    • Click Apply, then OK.

    =========================

    Reset Homepage in Browsers

    Reset Homepage in Internet Explorer

    Open Internet Explorer > Tools > Internet Options > General.



    You have two options:

    • One is to set homepage as a blank page.
    • The other is to set a certain website as the homepage. ( www.google.com )
    • Then click OK to save the change.
    =========================

    Reset Firefox Homepage
    • Click on the Firefox drop down arrow in the upper left corner of your browser.
    • Select Options, then select Options again.
    • On the General tab, locate the Home Page field.
    • Enter the URL you would like to use as your home page (i.e. http://www.google.com), or select the Restore to Default button.
    • Click OK
    =========================

    Reset / Change Homepage in Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
      • Add the home button to the browser toolbar
        Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
      • Set your home page
        When the "Show Home button" checkbox is selected, a web address appears below it.
        Click Change to enter a link (i.e. http://www.google.com). You can also choose the New Tab page as your home page.
    =========================

    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download the version suitable to your computer.
    • Right click SystemLook.exe and select "Run as Administrator" to run it.
    • Copy the content of the following code-box into the main text-field:
      Code:
      :filefind
      *Somoto*
      
      :folderfind
      *Somoto*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    In your next post please provide the following:
    • SystemLook.txt
    • AdwCleaner[S0].txt & AdwCleaner[S1].txt
    • JRT.txt
    • Fixlog.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
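
An added example, not part of the helper's post and not FRST's own code: a read-only Python triage of the line formats used in the fix script above, showing which account each entry belongs to and why it stands out. The regular expressions, function names and the one constructed sample line are assumptions based only on the lines visible in the post; it reports findings and does not build a fixlist.

```python
import re

# Lines copied from the fix script in the post above (a subset).
PAGE_LINES = r"""
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
""".strip().splitlines()

# Constructed line (not from the page): a search scope that does carry a URL.
CONSTRUCTED_LINE = (
    r"SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
    r" -> DefaultScope {00000000-0000-0000-0000-000000000000}"
    r" URL = https://search.example.invalid/?q={searchTerms}"
)

# Assumed line shapes, inferred from the lines quoted in the post.
MOUNT_RE = re.compile(
    r"^HKU\\(?P<sid>[^\\]+)\\\.\.\.\\MountPoints2: (?P<volume>\S+) - (?P<command>.+)$")
SCOPE_RE = re.compile(
    r"^SearchScopes: HKU\\(?P<sid>\S+) -> DefaultScope "
    r"(?P<guid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>.*)$")
VALUE_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<value>[^=\s]+) =\s*(?P<data>.*)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)

# Well-known Windows identities that appear as hives under HKEY_USERS.
WELL_KNOWN = {
    ".DEFAULT": "LocalSystem (.DEFAULT profile)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}


def account_for(sid):
    """Map an HKU hive name to a readable account description."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-"):
        # The last sub-authority is the relative ID (RID) of the account.
        return "user account, RID " + sid.rsplit("-", 1)[1]
    return "unknown account"


def triage(lines):
    """Return one finding per line that matches a pattern worth reviewing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = MOUNT_RE.match(line)
        if m:
            # MountPoints2 caches the AutoRun command of a volume seen earlier.
            if ROOT_EXE_RE.match(m["command"]):
                findings.append({
                    "kind": "autorun-command",
                    "subject": m["command"],
                    "account": account_for(m["sid"]),
                    "reason": "cached AutoRun command for volume " + m["volume"]
                              + " launches an executable from the drive root",
                })
            continue
        m = SCOPE_RE.match(line)
        if m:
            if not m["url"].strip():
                findings.append({
                    "kind": "empty-search-scope",
                    "subject": m["guid"],
                    "account": account_for(m["sid"]),
                    "reason": "default search scope has no URL",
                })
            continue
        m = VALUE_RE.match(line)
        if m and not m["data"].strip():
            findings.append({
                "kind": "empty-value",
                "subject": m["key"] + "," + m["value"],
                "account": "machine-wide" if m["key"].startswith("HKLM") else "per-user",
                "reason": "registry value is present but empty",
            })
    return findings


if __name__ == "__main__":
    for f in triage(PAGE_LINES + [CONSTRUCTED_LINE]):
        print("{kind:20} {account:32} {subject}\n    -> {reason}".format(**f))
```

The constructed scope with a URL is parsed but not reported, so the output lists only the six entries from the post.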

  5. #5
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Okay! They were not open in Word, they are like 1-2 year old homework haha! But after the protect hidden file thingy they all disappeared! (I went to do it in control panel - folder option)

    When I opened Internet Explorer (didn't even remember I had that on my laptop haha!) It asked me to allow Avast! for something about protection so I allowed it. It ask for ''Spybot-SD IE Protection'' Add-on is ready for use and I enabled it.

    While I'm doing the reset of the homepages, I wonder which is best, Chrome, Firefox or Explorer?

    For the adwcleaner, in the notepad, it was [S2] that opened not [S0] so I'll copy-paste S2 too after S0 and S1 (just in case it's helpful, just wanna help you)

    For the junkware removal tool, I couldn't find a way to close Avast. It always stayed in my bar in the bottom right corner of my screen

    SystemLook log :

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:49 on 08/02/2015 by Jessica
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Somoto*"
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 3504F013AE62573E00FE2AE3B491A4E6
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 13EA0D2CB0D2D5D17A4CFF7BBA34C1E9
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 030C398A9E1AB8A3BAAC7391D026F01E
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 542F97CFE59C54843F258FB89C7C68DC
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip --a---- 543 bytes [22:42 06/02/2015] [22:42 06/02/2015] A1EC49DFE52FF62DEB359B3EC1786E02
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip --a---- 616 bytes [22:42 06/02/2015] [22:42 06/02/2015] D861DB29EFC70CA753A26FDF163C64EF
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip --a---- 541 bytes [23:00 06/02/2015] [23:00 06/02/2015] F81ADF2B366029DC5098B93988004483
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip --a---- 614 bytes [23:00 06/02/2015] [23:00 06/02/2015] 7D079BE4C715548329E294DF52840B13
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 3504F013AE62573E00FE2AE3B491A4E6
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 13EA0D2CB0D2D5D17A4CFF7BBA34C1E9
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip --a---- 541 bytes [21:52 02/02/2015] [21:52 02/02/2015] 030C398A9E1AB8A3BAAC7391D026F01E
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip --a---- 614 bytes [21:52 02/02/2015] [21:52 02/02/2015] 542F97CFE59C54843F258FB89C7C68DC
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip --a---- 543 bytes [22:42 06/02/2015] [22:42 06/02/2015] A1EC49DFE52FF62DEB359B3EC1786E02
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip --a---- 616 bytes [22:42 06/02/2015] [22:42 06/02/2015] D861DB29EFC70CA753A26FDF163C64EF
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip --a---- 541 bytes [23:00 06/02/2015] [23:00 06/02/2015] F81ADF2B366029DC5098B93988004483
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip --a---- 614 bytes [23:00 06/02/2015] [23:00 06/02/2015] 7D079BE4C715548329E294DF52840B13

    ========== folderfind ==========

    Searching for "*Somoto*"
    No folders found.

    -= EOF =-

    adwcleaner S0 :

    # AdwCleaner v3.311 - Report created 02/10/2014 at 21:15:09
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Jessica - JESSICA-HP
    # Running from : C:\Users\Jessica\Desktop\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Util Caramava
    Service Deleted : {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\374311380
    Folder Deleted : C:\ProgramData\CheaupMMe
    Folder Deleted : C:\ProgramData\JoniCouapon
    Folder Deleted : C:\ProgramData\NetOCOuupono
    Folder Deleted : C:\ProgramData\savuEE Net
    Folder Deleted : C:\Program Files (x86)\Astromenda
    Folder Deleted : C:\Program Files (x86)\Caramava
    Folder Deleted : C:\Program Files (x86)\savuEE Net
    Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Deleted : C:\Users\Jessica\AppData\Local\Astromenda
    Folder Deleted : C:\Users\Jessica\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Jessica\AppData\Local\NativeMessaging
    Folder Deleted : C:\Users\Jessica\AppData\Local\torch
    Folder Deleted : C:\Users\Jessica\AppData\Local\Temp\App Bud
    Folder Deleted : C:\Users\Jessica\AppData\Roaming\Astromenda
    Folder Deleted : C:\Users\Jessica\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Jessica\AppData\Roaming\VOPackage
    Folder Deleted : C:\Users\Jessica\Documents\Optimizer Pro
    Folder Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    [!] Folder Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
    File Deleted : C:\Users\Jessica\AppData\Roaming\LiveSupport.exe_log.txt
    File Deleted : C:\Users\Jessica\AppData\Roaming\regsvr32.exe_log.txt
    File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\astromenda.xml
    File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\searchplugins\trovi-search.xml
    File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\user.js
    File Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : AmiUpdXp
    Task Deleted : ASP
    Task Deleted : Astromenda
    Task Deleted : WSE_Astromenda

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfcgjlglddicjopgimohdcbmabacamll
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\Astromenda
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\VBMZ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v29.0.1 (en-GB)

    [ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jgrffq6f.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
    Deleted [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
    Deleted [Extension] : pfcgjlglddicjopgimohdcbmabacamll

    *************************

    AdwCleaner[R0].txt - [10612 octets] - [02/10/2014 21:12:32]
    AdwCleaner[S0].txt - [9846 octets] - [02/10/2014 21:15:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9906 octets] ##########

    adwcleaner S1 :

    # AdwCleaner v4.110 - Logfile created 08/02/2015 at 19:42:59
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-08.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jessica - JESSICA-HP
    # Running from : C:\Users\Jessica\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AAllSauveer
    Folder Deleted : C:\ProgramData\8b9a5f2a1506d3e1
    Folder Deleted : C:\Users\Jessica\AppData\Local\DriverTuner

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
    Key Deleted : HKCU\Software\DriverTuner_Init
    Key Deleted : HKCU\Software\DriverTuner
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)


    -\\ Google Chrome v


    -\\ Comodo Dragon v


    -\\ Chrome Canary v


    *************************

    AdwCleaner[R0].txt - [10612 bytes] - [02/10/2014 20:12:32]
    AdwCleaner[R1].txt - [1553 bytes] - [08/02/2015 19:38:39]
    AdwCleaner[S0].txt - [10018 bytes] - [02/10/2014 20:15:09]
    AdwCleaner[S1].txt - [1401 bytes] - [08/02/2015 19:42:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1460 bytes] ##########

    adwcleaner S2 :

    # AdwCleaner v4.110 - Logfile created 08/02/2015 at 22:06:14
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-08.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jessica - JESSICA-HP
    # Running from : C:\Users\Jessica\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)


    -\\ Google Chrome v


    -\\ Comodo Dragon v


    -\\ Chrome Canary v


    *************************

    AdwCleaner[R0].txt - [10612 bytes] - [02/10/2014 20:12:32]
    AdwCleaner[R1].txt - [1553 bytes] - [08/02/2015 19:38:39]
    AdwCleaner[R2].txt - [1070 bytes] - [08/02/2015 21:56:01]
    AdwCleaner[R3].txt - [1130 bytes] - [08/02/2015 22:00:58]
    AdwCleaner[S0].txt - [10018 bytes] - [02/10/2014 20:15:09]
    AdwCleaner[S1].txt - [1540 bytes] - [08/02/2015 19:42:59]
    AdwCleaner[S2].txt - [1058 bytes] - [08/02/2015 22:06:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1117 bytes] ##########

    Jrt.txt :

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Jessica on 08/02/2015 at 22:14:01.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{11E6EC49-7041-4602-BC6E-5BDD638B2D9C}
    Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{845E03C3-EBED-4615-9BA7-D2EFE7941615}
    Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{967BED3D-1072-4608-90E4-D6D290AE3547}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/02/2015 at 22:21:17.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Fixlog.txt :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by Jessica at 2015-02-08 22:24:01 Run:2
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {0f98fe82-32d1-11e4-bc44-806e6f6e6963} - D:\installer.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {872b4627-a482-11e2-a3cb-78e3b5657a3c} - G:\autorun.exe
    HKU\S-1-5-21-2557544163-3699447316-167012314-1000\...\MountPoints2: {f5c6f352-f338-11e1-a99d-806e6f6e6963} - F:\Autorun.exe
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
    "HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f98fe82-32d1-11e4-bc44-806e6f6e6963}" => Key deleted successfully.
    HKCR\CLSID\{0f98fe82-32d1-11e4-bc44-806e6f6e6963} => Key not found.
    "HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{872b4627-a482-11e2-a3cb-78e3b5657a3c}" => Key deleted successfully.
    HKCR\CLSID\{872b4627-a482-11e2-a3cb-78e3b5657a3c} => Key not found.
    "HKU\S-1-5-21-2557544163-3699447316-167012314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5c6f352-f338-11e1-a99d-806e6f6e6963}" => Key deleted successfully.
    HKCR\CLSID\{f5c6f352-f338-11e1-a99d-806e6f6e6963} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    EmptyTemp: => Removed 56 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 22:24:09 ====

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Jess37,

    While I'm doing the reset of the homepages, I wonder which is best, Chrome, Firefox or Explorer?
    There is no best browser. Browsers are just a personal preference. Whichever one you are most comfortable with.

    =========================

    The Somoto items are in Spybot's quarantine folder, but let's remove them anyway.

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip 
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware (save it to your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Select Scan tab.
    • Select type of scan to perform:

      • Threat Scan < --- Select this type of scan
      • Custom Scan
      • Hyper Scan
    • Next click the Scan button.
    • When the scan is complete, if no malicious items are found you can close the program.
    • If malicious items are found be sure that everything is checked, and click Quarantine .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is Un-checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • Fixlog.txt
    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Ok well I'm doing the ESET online scanner and it's reaaaally slow.... It has been 3h06 and it's at only 47%..... It's the WildTangent files that take the most time.... So I'm gonna run it overnight and finish all that you asked for tomorrow

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Jess37,

    Yes, sometimes ESET can take quite a few hours to complete. Post the logs when they are available.
    OCD

  9. #9
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Okay so if I have any symptoms? Well the only thing is that it takes way more time between writing my password to enter my Windows account and seeing my desktop... And yeah my laptop is slow, don't know if it's because it's not a good one or if it's caused by something else like a virus

    Will you be able to tell me when to delete the different log files on my desktop and aswmbr, securitycheck, registry backup, jrt, systemlook, adwcleaner, malwarebytes, etc. and tell me which is good to keep with spybot??

    There were 4 detected non-malware items with Malwarebytes : 2 PUP.Optional.Rocketfuel, 1 PUP.Optional.Softonic.A, 1 PUP.Optional.WhiteSmoke.A (this one was blue) Now they are all cleaned

    ESET took long enough XD 4h30 damn! but here it is, before I go to sleep!

    So here's the log in order

    Fixlog :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by Jessica at 2015-02-09 08:39:30 Run:3
    Running from C:\Users\Jessica\Desktop
    Loaded Profiles: Jessica (Available profiles: Jessica)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip => Moved successfully.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller1.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller2.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller3.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller4.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller5.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller6.zip" => File/Directory not found.
    "C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller7.zip" => File/Directory not found.
    EmptyTemp: => Removed 7.9 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 08:39:39 ====

    Malwarebytes log (I think it's this one) :

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2015/02/09 08:54:15 -0400</date>
    <logfile>mbam-log-2015-02-09 (08-54-13).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.4.1028</version>
    <malware-database>v2015.02.09.05</malware-database>
    <rootkit-database>v2015.02.03.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Jessica</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>387138</objects>
    <time>2222</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>2</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>2</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>8adfa07c7218fb3bf0eb0e82d72cf30d</hash></key>
    <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New</path><vendor>PUP.Optional.WhiteSmoke.A</vendor><action>success</action><hash>cb9e37e5fc8e01356db06435aa59c43c</hash></key>
    <file><path>C:\Users\Jessica\Downloads\PDFCreatorInstaller (1).exe</path><vendor>PUP.Optional.Rocketfuel</vendor><action>success</action><hash>432649d38ffb1d19dac1a545e71a9b65</hash></file>
    <file><path>C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe</path><vendor>PUP.Optional.Rocketfuel</vendor><action>success</action><hash>412857c5216962d4217a67837b868d73</hash></file>
    </items>
    </mbam-log>

    ESET (there's a lot of threats D: ) :

    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan
    C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe Win32/Toolbar.SearchSuite potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhi0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhit.dll Win64/Toolbar.Conduit.A potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhit.dll Win32/Toolbar.Conduit.W potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhit.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhit.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhi0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hk64tbWhit.dll Win64/Toolbar.Conduit.A potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\hktbWhit.dll Win32/Toolbar.Conduit.W potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhi0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\ldrtbWhit.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhi1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\tbWhit.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\torch\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\Astromenda\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.V potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\VOPackage\VOPackage.exe.vir Win32/VOPackage.AD potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys.vir a variant of Win64/BrowseFox.BN potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Users\Jessica\Downloads\trzB778.tmp.xBAD a variant of Win32/AdWare.MultiPlug.CT application cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\FBW_suppqviV.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Jess37,

    Will you be able to tell me when to delete the different log files on my desktop and aswmbr, securitycheck, registry backup, jrt, systemlook, adwcleaner, malwarebytes, etc. and tell me which is good to keep with spybot??
    Yes, I will cover all those questions as soon as we finish cleaning the malware from your computer. (soon)

    Delete cache and other browser data in Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Tools.
    • Select Clear browsing data.
    • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
      • Clear browsing history
      • Clear download history
      • Empty the cache
      • Delete cookies and other site and plug-in data
      • Clear saved passwords
      • Clear saved Autofill form data
      • Clear data from hosted apps
      • Deauthorize content licenses
    • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
    • Click Clear browsing data.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WhiteSmoke_New
    C:\Users\Jessica\Downloads\PDFCreatorInstaller (1)
    C:\Users\Jessica\Downloads\PDFCreatorInstaller.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\WhiteSmoke_New
    C:\Users\Jessica\Downloads\iMeshSetup-r1157-n-bc.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim 
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim 
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc 
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim 
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Jessica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi 
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim
    C:\Users\Jessica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    TFC

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
      • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • new FRST
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
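
The scan log in this thread mixes detections inside quarantine folders (files AdwCleaner and FRST had already moved aside) with detections in live browser profiles. As an added example, not part of the original posts or of any tool mentioned here, this Python code parses lines of that shape and lists the extension IDs still flagged in live profiles; the regexes and function names are assumptions based only on the log lines visible above, and the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Five lines copied from the scan log quoted earlier in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ihophofladbnhomonomopnnldccficpi\1.0\NPae.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.V potentially unwanted application deleted - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\142\c4Wnyj.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgkekciipindfkhlhpikphabikgdocpc\5.14\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
"""

# Assumed line shape: <path> [a variant of] <detection name> <type and action>.
# Paths contain spaces ("User Data"), so the path is matched lazily up to the detection.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>(?:JS|Win32|Win64)/\S+)\s+(?P<outcome>.+)$"
)
# Chromium extension IDs are 32 characters drawn from a-p.
EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})\\")
PROFILE_RE = re.compile(
    r"\\Users\\(?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)\\User Data\\"
)
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\(?:AdwCleaner|FRST)\\Quarantine\\", re.I)


def parse_line(line):
    """Split one log line into fields; return None if it is not a detection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    ext = EXT_RE.search(path)
    prof = PROFILE_RE.search(path)
    return {
        "path": path,
        "detection": m["detection"],
        "outcome": m["outcome"],
        "extension_id": ext.group(1) if ext else None,
        "user": prof["user"] if prof else None,
        "browser": prof["browser"] if prof else None,
        "quarantine_copy": bool(QUARANTINE_RE.match(path)),
    }


def live_extension_hits(log_text):
    """Map extension ID -> sorted (user, browser) pairs detected outside quarantine folders."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["extension_id"] and not rec["quarantine_copy"]:
            hits[rec["extension_id"]].add((rec["user"], rec["browser"]))
    return {ext: sorted(pairs) for ext, pairs in hits.items()}
```

Because the same extension ID is reused across Chromium-based browsers and Windows profiles, the IDs returned for live paths are the ones worth checking for in every other profile directory.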
